Session 2024-25
Crime and Policing Bill
Written evidence submitted by Professor Alexander Sarch, Professor of Legal Philosophy, School of Law, University of Surrey, and Ms Vanessa Reid, Senior Associate (barrister), Corker Binning (CPB26)
Fixing the Expanded Identification Doctrine in the Crime & Policing Bill
Professor Alex Sarch | Bio Ms Vanessa Reid | Bio
University of Surrey Law School Senior Associate
Corker Binning
I. Policy Context
The identification doctrine historically is the primary mechanism in UK law for attributing criminal liability to organisations for offences requiring proof of a specific mental state (mens rea). Under the common law doctrine, an organisation would be guilty of a criminal offence where an individual representing the company’s directing mind and will possessed the mens rea required for the offence. This was an extremely high threshold to meet. Only someone with full discretion and authority to ‘control what [the company] does’ could be a directing mind and will whose criminal actions and mental states were attributable to the company. [1]
Following extensive criticism of the doctrine as overly narrow [2] and a Law Commission consultation proposing expansion of the doctrine, [3] the Economic Crime and Corporate Transparency Act 2023 broadened the Identification Doctrine for economic crimes. Section 196 of this Act established that "[i]f a senior manager of a body corporate or partnership (‘the organisation’) acting within the actual or apparent scope of their authority commits a relevant offence [defined in sub-section (2)] after this section comes into force, the organisation is also guilty of the offence." [4] Under s.196(4), a senior manager "means an individual who plays a significant role in (a) the making of decisions about how the whole or a substantial part of the activities of the [organisation] are to be managed or organised, or (b) the actual managing or organising of the whole or a substantial part of those activities."
Recognizing that "the identification doctrine in law applies more widely than economic crimes," [5] the Government committed in its Economic Crime Plan 2 and Fraud Strategy to extend the expanded Identification Doctrine to all criminal offences (when a suitable bill enabling reform for all crimes would arise). This also matches the Law Commission’s original recommendation. [6] On the 25th of February 2025, the Government introduced a bill that makes good on this commitment. [7] Section 130 of Crime and Policing Bill 2025 provides that:
(1) Where a senior manager of a body corporate or partnership ("the organisation") acting within the actual or apparent scope of their authority commits an offence under the law of England and Wales, Scotland or Northern Ireland, the organisation also commits the offence (subject to [the jurisdictional limit ations in] subsection (2)). [8]
II. The Problem: Scope of Senior Managers’ Authority
While the expanded Identification Doctrine has sensible justifications, it is important to draw attention to problems with the proposed statutory text of Section130. The proposed language is in danger of being overly broad because it is insufficiently clear about what actions by senior managers will or will not be considered "within the apparent or actual scope of their authority." Below we suggest two possible fixes for this problem, but first let us explain what problems arise for the proposed text of Section 130.
Two main problems arise because Section 130 is not sufficiently clear about what determines the scope of the actual or apparent authority of a senior manager and does not otherwise include any requirement that the defendant must intend to benefit the organisation.
Problem 1: Crimes Against the Organisation
First, this provision risks permitting the organisation to be convicted of offences committed by a senior manager when the organisation itself was the victim of the offence. For example, this could be the case if the senior manager steals valuable property or secrets from the company employing them. The text of Section 130 currently does not rule out that such actions can be within the manager’s authority. However, it would clearly be perverse for the organisation to be "victimised" twice over by being harmed first by the senior manager’s crime and then second by being convicted and punished for this very offence under the expanded Identification Doctrine.
Crucially, this problem is not solved by the clarification provided in the Explanatory Notes to the Economic Crime and Corporate Transparency Act 2023. Note 827 states:
The senior manager must be acting within the actual or apparent scope of their authority. This does not mean that the senior manager must have been authorised to carry out a criminal offence. It would be enough that the act was of a type that the senior manager was authorised to undertake or which would ordinarily be undertaken by a person in that position. For instance, if a Chief Financial Officer commits fraud by deliberately making false statements about a company’s financial position, the company would be liable since the act of making statements about the company’s financial position is within the scope of that person’s authority. [9]
There are of course cases where a senior manager is carrying out a type of conduct that would ordinarily be undertaken by a person in that position but which amounts to a crime of which the organisation itself is the victim. For example, a CFO might ordinarily have access to company accounts and initiate transfers from these accounts to others. But this type of action can of course amount to a crime against the company should this manager decide, for example, to drain the company account to which she was given access and take the funds for herself. It would be counterintuitive to convict the company of this crime of which it was itself the victim.
Problem 2: Purely Personal Crimes
A related difficulty is that Section 130 appears to allow the organisation to be convicted of crimes performed by the senior manager in the course of carrying out his or her assigned tasks but for purely personal reasons having nothing to do with any aim or intent to benefit the organisation.
For example, a senior manager might commit crimes that are purely personal to themselves even while carrying out actions "of a type that would ordinarily be undertaken by a person in that position." [10] For example, a senior manager might have been given a company car in order to enable her to drive herself efficiently between business meetings at sites across the region. But, for reasons related only to benefitting herself, not the company, she elects to engage in the authorised type of conduct (driving between business meetings) in a way that constitutes the offence of dangerous driving in contravention of Section 2A of the Road Traffic Act 1988. It would be odd in the extreme – threatening the perceived legitimacy of the criminal law – to convict the company itself of dangerous driving. Such a conviction suggests the conduct was something the company did or ordered or at least plausibly would be benefitted by. But that is not the case when the crime is done for purely personal reasons. Some nexus between the senior manager’s crime and an actual or intended benefit to the organisation is necessary to ground the attribution of liability to the organisation for the senior manager’s crime.
This is not an isolated example. There are many offences that likewise raise this issue – from sending threatening messages or other cybercrimes to insider dealing to property crime – whenever the individual senior manager carries out an assigned type of task in a manner that amounts to a crime for purely personal reasons that have nothing to do with benefitting the organisation.
Faced with such cases, the organisation might contend that it does not authorise any criminal conduct of any kind by any employee. However, this kind of general attempt to avoid liability by expressly removing authorisation for any criminal conduct (for example as a condition included in the contract of employment) is unlikely to be deemed legally effective, particularly in light of existing case law relating to actual and apparent authority in the agency context. [11] What is more, if this gambit were given effect, it would make it nearly impossible for the organisation to be convicted of offences by the senior manager even when they were intended to benefit the company. This can hardly be the intent of Parliament in expanding the Identification Doctrine.
A problem of duelling act descriptions: As a result, what type of conduct by senior managers is intended to fall within their actual or apparent authority for purposes of the expanded identification doctrine must be substantially clarified – preferably through statutory language or at least through clearer guidance or legislative notes. Without such clarification, the danger is that in cases like the above, prosecutors and defendants will simply have to offer conflicting descriptions of the type of conduct undertaken by the senior manager, and there will be no principled guidance available to private actors or courts about how to determine which interpretation is correct.
Prosecutors will argue that the senior manager stealing from the company or driving dangerously was engaged in a type of action that would normally be undertaken by a person in that role – e.g. managing company accounts or travelling between business meetings. The organisation being prosecuted will insist on describing the conduct more narrowly as stealing from the company or driving in a criminally dangerous manner. The organisation would plausibly be convicted of these offences under Section 130 if the prosecution’s description of the conduct is chosen because that will be deemed to be within the manager’s authority. By contrast, the organisation would likely avoid conviction if its preferred narrower description is adopted, as conduct described as criminal is unlikely to be seen as authorised. The statute and the notes provide no basis on which to determine which of these act descriptions to select. After all, both do truthfully describe the manager’s conduct, but both liability outcomes (conviction and acquittal) cannot be justified simultaneously.
Clarification of the law in this regard prior to passage of the bill is therefore essential for the intelligibility of the law as well as to provide fair notice to the public.
Although these issues were potentially present at the time of the initial expansion of the identification doctrine to senior managers upon passage of the Economic Crime and Corporate Transparency Act 2023, the list of economic crimes to which those provisions then applied was much narrower and included only economic crimes of the type that were unlikely to be carried out against the employer organisation. Insider dealing, for example, is often carried out by misappropriating non-public information from one’s employer and was not on the specified list of offences. [12] However, with the expansion of these provisions to all crimes of any kind, much more difficult issues arise regarding what type of conduct by a senior manager will give rise to liability by their corporate employer.
III. Policy Recommendations
Thankfully, there is an easy fix for these problems, which can be adopted from other jurisdictions – and indeed from other UK offences applying the Failure to Prevent model, as explained below. US federal law’s approach to attributing criminal liability to corporations (a wider respondeat superior model than the UK employs [13] ) contains one central additional restriction for convicting the corporation of an employee’s crime, which should be added to Section 130 of the Crime and Policing Bill as well.
Under US federal law, when an employee commits an offence, it can be imputed to the employer company if, at the time, the employee was not only working within the scope of her employment (akin to the requirement that the senior manager was acting within their actual or apparent authority), but also that the manager intended to benefit the company through their conduct. [14]
Building a similar "intent to benefit the organisation" element into the text of Section 130 would neatly avoid the problems described above. After all, neither the embezzling senior manager who victimises the organisation nor the dangerously driving senior manager speeding between meetings for the thrill of it engages in their criminal conduct in order to benefit the organisation. Convicting the organisation for these purely personal crimes would thus be blocked. By contrast, if the manager did intend to benefit the organisation via their criminal conduct, then there would be a substantial connection between the crime and the organisation that would make it sensible and justified to hold the organisation accountable for it.
Indeed, the prudence of this "intent to benefit the organisation" element is further demonstrated to by the fact that it was incorporated into the recently created offence of Failure to Prevent Fraud as well as the earlier offence of Failure to Prevent Bribery. Both of these offences also require that an associated person commit a predicate offence with the intent benefit the organisation. [15]
Accordingly, a better version of the text of Section 130 would be the following (additions in bold):
Proposed Revision to Section 130
Where a senior manager of a body corporate or partnership ("the organisation") acting within the actual or apparent scope of their authority , and with the intention to benefit the organisation , commits an offence under the law of England and Wales, Scotland or Northern Ireland, the organisation also commits the offence (subject to [the jurisdictional limitations in] subsection (2)).
Our primary recommendation is to revise Section 130 in this manner. Failing that, our secondary recommendation is to add a legislative note to the effect that a senior manager’s criminal action falls outwith their apparent or actual authority when it is aimed at harming the organisation or else done for purely personal reasons without any intention to benefit the organisation.
IV. Conclusion
Adopting either of these recommendations would greatly strengthen the integrity of the proposed expansion of the Identification Doctrine to all criminal offences and avoid the problems described above. Without adopting such a fix, the public’s trust in the criminal law is threatened. The legislative text thus should be narrowed to avoid the counterintuitive and damaging implications of Section 130 as it currently stands in the Crime and Policing Bill. [16]
Professor Alexander Sarch, University of Surrey School of Law
Ms Vanessa Reid, Corker Binning
28 March 2025
[1] Tesco Supermarkets Ltd v Nattrass [1972] AC 153, 170 (Lord Reid); SFO v Barclays, [2018] EWHC 3055 (QB).
[2] For a useful summary, see Law Commission, Corporate Criminal Liability: An Options Paper (2022) para 3.56–3.72 ("Options Paper"), www.lawcom.gov.uk/project/corporate-criminal-liability/.
[3] Ibid.
[4] See s.196(2) for the relevant economic offences that are in scope for the expanded Identification Doctrine.
[5] Impact Assessment, Reform to the Identification Doctrine (13 June 2023), para 13, https://assets.publishing.service.gov.uk/media/648c20455f7bb7000c7fabca/5_IDD_Impact_Assessment.pdf
[6] See Law Commission, Corporate Criminal Liability: An Options Paper (2022) para. 2.64 & 4.76, www.lawcom.gov.uk/project/corporate-criminal-liability/.
[7] https://publications.parliament.uk/pa/bills/cbill/59-01/0187/240187.pdf
[8] Ibid. at p. 141.
[9] https://www.legislation.gov.uk/ukpga/2023/56/notes/division/11/index.htm
[10] Ibid.
[11] The Law Debenture Trust Corpn plc v Ukraine [2023] UKSC 11 at [42], which recognizes that although a manager’s "actual authority…is subject to the express limitation which has been placed upon it," not all such limitations are effective, and "he still has ostensible authority to do all of the things a managing director in his position may usually do". Accordingly, even if a company were to include express contractual language saying that a manager was prohibited from engaging in illegal activities, if that person did so by doing an activity that was of a type that someone in that position would ordinarily do, and others had no reason to know that this person is technically not authorised to do this activity, the conduct could still be deemed to be within the manager’s authority.
[12] Economic Crime and Corporate Transparency Act 2023, Schedule 12, https://www.legislation.gov.uk/ukpga/2023/56/schedule/12
[13] See Law Commission, Corporate Criminal Liability: An Options Paper (2022) para 5.49–5.53, www.lawcom.gov.uk/project/corporate-criminal-liability
[14] Developments in the Law-Corporate Crime: Regulating Corporate Behavior Through Criminal Sanction, 92 Harvard L. Rev. 1243, 1247 (1979); Restatement (Third) of Agency § 2.04; Mihailis Diamantis, Functional Corporate Knowledge, 61 William & Mary L. Rev. 319, 338-339 (2019); Eli Lederman, Models for Imposing Corporate Criminal Liability, 4 Buffalo Criminal L. Rev. 641, 654–655 (2000)).
[15] See Economic Crime and Corporate Transparency Act 2023, s. 199(1), which conditions Failure to Prevent liability for the organization on an associated person committing "a fraud offence intending to benefit (whether directly or indirectly) the relevant body...". A similar intent to benefit the organisation requirement is to be found in the Failure to Prevent Bribery offence. See Bribery Act 2010, s.7(1).
[16] There are other respects in which even the expanded Identification Doctrine remains too narrow and individualistic in focus and not reflective of the complexities of corporate decision-making in modern business settings. See Alex Sarch, Collective Knowledge and the Limits of the Expanded identification Doctrine, 44 Oxford Journal of Legal Studies, 920–948 (2024) https://academic.oup.com/ojls/article/44/4/920/7713078. But that raises more complex issues. We are happy to provide additional briefing on these points as well, but our main recommendation is exceedingly simpler and therefore, we think, stronger.